1 new exploits

EvansFTP - (EvansFTP.ocx) Remote Buffer Overflow (PoC)
EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)
Kaspersky 17.0.0 - Local CA root is Incorrectly Protected
Kaspersky 17.0.0 - Local CA root Incorrectly Protected
CoolPlayer 2.19 - (.Skin) Local Buffer Overflow (Python)
CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)
CUPS < 1.3.8-4 - Privilege Escalation
Evans FTP - 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
Microsoft Windows 10 Edge - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution
Phpclanwebsite 1.23.1 - (par) SQL Injection
Phpclanwebsite 1.23.1 - SQL Injection
Nukedit CMS 4.9.6 - Unauthorized Admin Add
Nukedit 4.9.6 - Unauthorized Admin Add
iyzi Forum 1.0 Beta 3 - (uye_ayrinti.asp) SQL Injection
iyzi Forum 1.0 Beta 3 - SQL Injection
Liberum Help Desk 0.97.3 - (details.asp) SQL Injection
Liberum Help Desk 0.97.3 - SQL Injection
Pligg 9.9.0 - Remote Code Execution
Pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
Pligg CMS 9.9.0 - Remote Code Execution
Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
CF_Auction - (forummessage) Blind SQL Injection
CFMBLOG - 'index.cfm categorynbr' Blind SQL Injection
CF_Auction - Blind SQL Injection
CFMBLOG - 'categorynbr' Parameter Blind SQL Injection
phpAddEdit 1.3 - (editform) Local File Inclusion
phpAddEdit 1.3 - 'editform' Parameter Local File Inclusion
MyCal Personal Events Calendar - 'mycal.mdb' Database Disclosure
MyCal Personal Events Calendar - Database Disclosure
Affiliate Software Java 4.0 - (Authentication Bypass) SQL Injection
Ad Management Java - (Authentication Bypass) SQL Injection
Banner Exchange Java - (Authentication Bypass) SQL Injection
Affiliate Software Java 4.0 - Authentication Bypass
Ad Management Java - Authentication Bypass
Banner Exchange Java - Authentication Bypass
ASP-CMS 1.0 - (index.asp cha) SQL Injection
SUMON 0.7.0 - (chg.php host) Command Execution
Xpoze 4.10 - (home.html menu) Blind SQL Injection
Social Groupie - 'group_index.php id' SQL Injection
ASP-CMS 1.0 - 'cha' Parameter SQL Injection
SUMON 0.7.0 - Command Execution
Xpoze 4.10 - 'menu' Parameter Blind SQL Injection
Social Groupie - 'id' Parameter SQL Injection
Umer Inc Songs Portal Script - 'id' SQL Injection
Umer Inc Songs Portal Script - 'id' Parameter SQL Injection
ASPired2Quote - 'quote.mdb' Remote Database Disclosure
ASP-DEV Internal E-Mail System - (Authentication Bypass) SQL Injection
ASPired2Quote - Remote Database Disclosure
ASP-DEV Internal E-Mail System - Authentication Bypass
iyzi Forum 1.0b3 - (iyziforum.mdb) Database Disclosure
CodeAvalanche FreeForum - 'CAForum.mdb' Database Disclosure
iyzi Forum 1.0b3 - Database Disclosure
CodeAvalanche FreeForum - Database Disclosure
FLDS 1.2a - (redir.php id) SQL Injection
FLDS 1.2a - 'redir.php' SQL Injection
Mediatheka 4.2 - (index.php lang) Local File Inclusion
Mediatheka 4.2 - 'lang' Parameter Local File Inclusion
Forest Blog 1.3.2 - (blog.mdb) Remote Database Disclosure
CodeAvalanche Directory - 'CADirectory.mdb' Database Disclosure
CodeAvalanche FreeForAll - 'CAFFAPage.mdb' Database Disclosure
Forest Blog 1.3.2 - Remote Database Disclosure
CodeAvalanche Directory - Database Disclosure
CodeAvalanche FreeForAll - Database Disclosure
CodeAvalanche Articles - 'CAArticles.mdb' Database Disclosure
CodeAvalanche RateMySite - 'CARateMySite.mdb' Database Disclosure
CodeAvalanche Articles - Database Disclosure
CodeAvalanche RateMySite - Database Disclosure
FLDS 1.2a - (lpro.php id) SQL Injection
BabbleBoard 1.1.6 - 'Username' Cross-Site Request Forgery/Cookie Grabber Exploit
FLDS 1.2a - 'lpro.php' SQL Injection
BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber Exploit
The Rat CMS Alpha 2 - (Authentication Bypass) SQL Injection
XOOPS Module Amevents - 'print.php id' SQL Injection
CadeNix - 'cid' SQL Injection
The Rat CMS Alpha 2 - Authentication Bypass
XOOPS Module Amevents - SQL Injection
CadeNix - SQL Injection
CFAGCMS 1 - 'right.php title' SQL Injection
CFAGCMS 1 - SQL Injection
FaScript FaUpload - 'download.php' SQL Injection
Web Wiz Guestbook 8.21 - (WWGGuestbook.mdb) DD
FLDS 1.2a - report.php (linkida) SQL Injection
FaScript FaUpload - SQL Injection
Web Wiz Guestbook 8.21 - Database Disclosure
FLDS 1.2a - 'report.php' SQL Injection
Gnews Publisher .NET - (authors.asp authorID) SQL Injection
Gnews Publisher .NET - SQL Injection
Joomla! Component Tech Article 1.x - (item) SQL Injection
TinyMCE 2.0.1 - (index.php menuID) SQL Injection
Joomla! Component Tech Article 1.x - SQL Injection
TinyMCE 2.0.1 - 'menuID' Parameter SQL Injection
QuickerSite Easy CMS - 'QuickerSite.mdb' Database Disclosure
QuickerSite Easy CMS - Database Disclosure
I-Rater Basic - 'messages.php' SQL Injection
I-Rater Basic - SQL Injection
Injader CMS 2.1.1 - 'id' SQL Injection
Injader CMS 2.1.1 - 'id' Parameter SQL Injection
MyPHPsite - 'index.php mod' Local File Inclusion
MyPBS - 'index.php seasonID' SQL Injection
MyPHPsite - Local File Inclusion
MyPBS - 'seasonID' Parameter SQL Injection
Extract Website - 'download.php Filename' File Disclosure
Extract Website - 'Filename' Parameter File Disclosure
FreeLyrics 1.0 - (source.php p) Remote File Disclosure
FreeLyrics 1.0 - Remote File Disclosure
Userlocator 3.0 - (y) Blind SQL Injection
Userlocator 3.0 - Blind SQL Injection
chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
Chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
BLOG 1.55B - (image_upload.php) Arbitrary File Upload
BLOG 1.55B - 'image_upload.php' Arbitrary File Upload
RSS Simple News - 'news.php pid' SQL Injection
Text Lines Rearrange Script - 'Filename' File Disclosure
RSS Simple News - SQL Injection
Text Lines Rearrange Script - 'Filename' Parameter File Disclosure
Pligg 9.9.5b - (check_url.php url) Arbitrary File Upload / SQL Injection
Pligg 9.9.5b - Arbitrary File Upload / SQL Injection
Joomla! Component Volunteer 2.0 - (job_id) SQL Injection
Joomla! Component Volunteer 2.0 - SQL Injection
Calendar Script 1.1 - (Authentication Bypass) SQL Injection
REDPEACH CMS - (zv) SQL Injection
Calendar Script 1.1 - Authentication Bypass
REDPEACH CMS - SQL Injection
PHPLD 3.3 - (page.php name) Blind SQL Injection
PHPLD 3.3 - Blind SQL Injection
The Rat CMS Alpha 2 - 'viewarticle.php id' Blind SQL Injection
The Rat CMS Alpha 2 - Blind SQL Injection
Pligg 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
Flatnux 2009-01-27 - (Job fields) Cross-Site Scripting / Iframe Injection (PoC)
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC)
flatnux 2009-01-27 - Remote File Inclusion
Flatnux 2009-01-27 - Remote File Inclusion
flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
Pligg 9.9.0 - (editlink.php id) Blind SQL Injection
Pligg CMS 9.9.0 - 'editlink.php' Blind SQL Injection
CF Shopkart 5.3x - 'itemID' SQL Injection
CF Shopkart 5.3x - 'itemID' Parameter SQL Injection
worksimple_1.3.2 - Multiple Vulnerabilities
WorkSimple 1.3.2 - Multiple Vulnerabilities
Pligg 1.1.2 - Blind SQL Injection / Cross-Site Scripting
Pligg CMS 1.1.2 - Blind SQL Injection / Cross-Site Scripting
Constructr CMS 3.03 - MultipleRemote Vulnerabilities
Constructr CMS 3.03 - Multiple Remote Vulnerabilities
Pligg 1.1.4 - SQL Injection
Pligg CMS 1.1.4 - SQL Injection
phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (1)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)
phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (Metasploit) (2)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (Metasploit) (2)
OneOrZero Helpdesk 1.4 - TUpdate.php SQL Injection
OneOrZero Helpdesk 1.4 - install.php Administrative Access
OneOrZero Helpdesk 1.4 - 'TUpdate.php' SQL Injection
OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access
phpLDAPadmin 0.9.6/0.9.7 - welcome.php custom_welcome_page Variable Arbitrary File Inclusion
phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion
phpLDAPadmin 0.9.8 - compare_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - copy_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - rename_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - search.php scope Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - template_engine.php Multiple Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting
Pligg 9.5 - Reset Forgotten Password Security Bypass
Pligg CMS 9.5 - Reset Forgotten Password Security Bypass
Click&BaneX - Details.asp SQL Injection
Click&BaneX - 'Details.asp' SQL Injection
ChiCoMaS 2.0.4 - 'index.php' Cross-Site Scripting
Chicomas 2.0.4 - 'index.php' Cross-Site Scripting
Pligg 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass
Pligg CMS 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass
Pligg 1.0.4 - 'search.php' Cross-Site Scripting
Pligg CMS 1.0.4 - 'search.php' Cross-Site Scripting
Pligg 2.0.1 - Multiple Vulnerabilities
Pligg CMS 2.0.1 - Multiple Vulnerabilities
Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php Multiple Parameter Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php Multiple Function Traversal Arbitrary File Manipulation
Open Journal Systems (OJS) 2.3.6 - 'rfiles.php' Traversal Arbitrary File Manipulation
FlatnuX CMS - controlcenter.php contents/Files Action dir Parameter Traversal Arbitrary File Access
FlatnuX CMS - Traversal Arbitrary File Access
Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting
Atlassian Confluence 5.9.12 - Persistent Cross-Site Scripting

dos
local
remote
webapps